Senior Vulnerability Researcher Job Description
The Vulnerability Research Team within our Security Research Department develops and deploys techniques to remotely detect the presence of recently disclosed vulnerabilities. These techniques are integrated into our Internet scanning infrastructure which enables us to measure the rate at which organizations patch and remediate vulnerabilities. This function is a critical input into our capability to assess the effectiveness of organizational security programs as well as the ability to identify third-party vulnerability exposures in organizations' digital supply chains.
This role will work alongside an international team of vulnerability researchers in the research and development of new vulnerability detection and inference tools and techniques as well as the integration and operationalization of those techniques within our telemetry collection infrastructure.
Objectives & Responsibilities
* Research and analyze emerging threats as well as newly published, high-profile vulnerabilities and contribute to the development of vulnerability intelligence tooling.
* Conduct in-depth assessments of vulnerabilities to assess viability of remote, network-based detection methods.
* Reverse engineer software and software patches to identify new detection methods.
* Develop plugins, tools, and techniques to implement newly researched vulnerability detection and product fingerprinting capabilities.
* Drive innovation by researching and developing new tools and techniques.
* Provide technical leadership on research projects to include mentoring junior researchers and providing regular updates to stakeholders.
* Identify opportunities for automation and process improvement within our workflows.
* Develop vulnerability detection techniques, and communicate potential techniques, and the associated risk, with senior leadership.
Qualifications
* Bachelor's degree in Computer Science or related field; Master's degree preferred.
* Experience in vulnerability research, penetration testing, and exploit development.
* In-depth knowledge of tactics, techniques, and procedures commonly used by threat actors.
* Proven track record of innovation in the field of vulnerability research.
* Experience in leading technical projects and mentoring junior team members.
* Broad knowledge of information security principles and network protocols.
* Experience in network-based vulnerability detection capability development.
* Experience in source code analysis.
* Familiarity with software reverse engineering and patch diffing.
* Strong communication and interpersonal skills.
* Strong analytical and problem-solving skills and a track record of solving ambiguous problems.
* Machine learning experience is a plus.
* Ownership mindset.
* Proficient in Python programming.